1. Field of the Invention
The present invention relates to a communication control apparatus, a communication control method and a communication control program product, to restrict the processing of inappropriate connection requests in an environment in which IPv6 addresses are used.
2. Description of the Related Art
The largest computer network, i.e., the Internet, can be accessed and employed worldwide by the public to utilize information and services, provided by a variety of companies for users having Internet access, and to develop new businesses. As a result, a progress made in Internet development and the advancement of new Internet usage techniques has become remarkable. In the Internet, each terminal has an identifier, an IP address that is used for exchanging packets. As an example, pursuant to Transmission Control Protocol (TCP) (see IETF RFC793 Transmission Control Protocol, Darpa Internet Program, Protocol Specification, September, 1981), four items are required to identify a connection, i.e., for a transmitter and receiver connection, an IP address and a port number are required for each terminal. And since TCP is a connection type protocol, these four items, at the least, must be stored in each terminal when a TCP connection is established. Thus, a malicious user may be able to employ the characteristic arrangement to establish an illegal connection, and to mount an attack to deplete the hardware and software resources (hereinafter referred to simply as resources) of a target terminal.
According to the currently employed Internet Protocol version 4 (IPv4), the address space is configured in 32 bits, and as the address is depleted, the number of addresses available for allocation for each user became drastically reduced. Therefore, for the same IP address, the number of available accesses is limited to prevent a resource depleting attack.
Recently, however, Internet protocol version 6 (IPv6) (see IETF RFC2460 Internet Protocol, Version 6(IPv6) Specification, December, 1998) has been developed and put into practical use, and for IPv6 the address space has been expanded to 128 bits.
Since for IPv6 the address space has been expanded to 128 bits, a network can accommodate 64-bit addresses when IPv6 is used. But while, for IPv6, the use of this wide address space confers many advantages, the size of the address space facilitates its effective use by an malicious user. That is, when the malicious user is able to connect his or her terminal connected to a specific network, by using the address width, substantially 64 bits, the user can attempt to attack on a target terminal. Further, since according to IPv6 an individual terminal is permitted to accommodate a plurality of networks, a wider address space may be allocated. Therefore, with IPv6, the attack by an malicious user to deplete resources can not be avoided simply by comparing addresses, a conventional procedure employed with IPv4.